This sponsored post is produced by Rubicon Labs.
When hackers remotely hijacked a speeding Chrysler Jeep in June, it marked the opening salvo in a new and escalating cyber-war between hackers and the auto industry, where new vehicles are increasingly Internet-enabled.
Just a week later, a security researcher disclosed he could breach GM’s vaunted OnStar system to unlock car doors, remotely start the ignition, and even access a car owner’s email and address.
Car and Driver magazine reports that researchers are expected to publish a paper later this year claiming they can remotely take control of new cars through the on-board “black boxes” that collect and transmit critical vehicle maintenance and performance data.
With a quarter of a billion “connected” vehicles joining the Internet of Things (IoT) by 2020, attacks on Internet-enabled cars and trucks may one day be as common as those on corporate networks that we read about daily. The undeniable reality is that vehicles have joined PCs, smartphones, and a growing list of IoT devices like security cameras, baby monitors and thermostats that can be hacked. This is the stark new reality facing automakers from Detroit to Tokyo and Munich to Palo Alto.
Mark Rosekind, Administrator of the National Highway Traffic Safety Administration (NHTSA), a federal watchdog arm of the U.S. Department of Transportation, recently sent his own warning flare to the auto industry about the car hacks: “It’s a shot across the bow. It’s a warning basically, that whether it happens again tomorrow or a month from now or a year from now, it doesn’t matter… Everybody’s been saying cyber-security. Now you have to step up.”
The major automakers have banded together to form an alliance to share information and analyze hacks, which is a good start but not nearly enough. It’s akin to locking a car door after the thief has stolen the radio. What’s needed are solutions that deny hackers access from all virtual doors to the central nervous system of all cars: the Controller Area Network (CAN) bus, which is where dozens of vehicle sensors and microcontrollers reside and take commands. A breach of a single vulnerable microcontroller is like having the keys to the ignition: a hacker can take the car anywhere, whether it’s gas-powered, electric or driver-less.
Quite literally, the key to ensuring car safety is to prevent the breach in the first place. Rubicon Labs’ approach is to use invisible keys that the CAN bus and microcontrollers can use but they have zero knowledge of their actual identity. As a result, it’s virtually impossible for a hacker to gain unauthorized access because the identity of the encryption keys is not known by any of the devices using them. Put another way: a bank robber can’t easily open the vault If bank employees honestly have no knowledge of the encrypted combination.
Dig deeper: Click here to see how Rubicon Labs protects hacks on autos and other Internet of Things (IoT) devices.
Once upon a time, it was enough to clamp The Club onto the steering wheel to prevent car theft and it would be high-tech to use LoJack — the vehicle equivalent of Find My iPhone — to recover a stolen vehicle. But those days of more than 25 years ago seem like a fairy tale and they are long gone when it comes to protecting access to today’s newer model cars designed with Internet access in mind. The auto and cyber-security industry need to unite to fight back and deploy their virtual weapons against real threats.
Rod Schultz is Vice President of Product at Rubicon Labs (www.RubiconLabs.io, Twitter: @0knowledgekeys), a venture-backed cyber-security startup that provides a hardware and software “root of trust” that creates invisible keys to protect Internet of Things (IoT) devices with zero knowledge of the keys.
Sponsored posts are content that has been produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. The content of news stories produced by our editorial team is never influenced by advertisers or sponsors in any way. For more information, contact firstname.lastname@example.org.